Filippo Micalizzi wrote / napísal(a):
> Juraj Sakala ha scritto:
>> Filippo Micalizzi wrote / napísal(a):
>>> Hi guys,
>>> I've successfully installed on my customer one mini linux server
>>> with ubuntu
>>> 7.10 server edition, in which thanks to squid/ntlm autentication
>>> the only
>>> the member of internet-users group in Ad could access to the web.
>>> Now we
>>> would like to introduce a content filtering proxy (Dansguardian) and
>>> let it
>>> work with squid in order to add the this service. The problem is
>>> when squid
>>> listen on 127.0.0.1 acl doesn't work anymore and anyone could access
>>> to the
>>> web. I've read this problem is solved by using a special patch that
>>> enable
>>> the X-forwarding of ip address of the real client, and that's work
>>> again.
>>> I've downloaded this patch but every with all version of 2.6 I've
>>> got error
>>> on compiling (hunk ...FAILED).... Is it possible to get a new
>>> working one?
>>> I've tried to download a patch for newer version 3.0 stable 1 but it
>>> does,'t
>>> run..... My squid version is 2.6.STABLE14.
>>> Thank you very much everyboady!!!
>> You do not need to patch 2.6STABLE14. Just compile with
>> --enable-follow-x-forwarded-for.
> Hi,
> thank you again for your prompt answer....
> I've recompile it with this option and I added in my acl this option
> as suggested in the patcher's website
>
> acl localhost src 127.0.0.1
> acl my_other_proxy srcdomain .proxy.example.com
> follow_x_forwarded_for allow localhost
> follow_x_forwarded_for allow my_other_proxy
> acl_uses_indirect_client on
> delay_pool_uses_indirect_client on
> log_uses_indirect_client on
>
>
> but it still doesn't run...
for testing purpose try this:
follow_x_forwarded_for allow all
acl_uses_indirect_client on
delay_pool_uses_indirect_client on
log_uses_indirect_client on
what is in the access.log?
Do you have directive forwarded_for on child "my_other_proxy"? Is yours
DansGuradian configured for sending header X-Forwarded-For via directive
forwardedfor = on and usexforwardedfor=on?
Received on Sun Mar 30 2008 - 04:36:10 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Apr 01 2008 - 13:00:05 MDT